Small Office Network

[codyhazelwood]

Hello, I'm trying to setup a network in my small office. We're scraping the one that's in place as it's way too old and slow.

Here's what I need it to do:

I need at least 8 wired gigabit ethernet ports
An internal wifi that has access to everything (encrypted)
An external wifi that ONLY has internet access

On the internal network I will be hooking up about 5 computers, network attached RAID storage, a copier, and a WAP for the internal network.

We have DSL

I know somewhere we'll need a router or firewall, but I'm not sure how.

Thanks.

 

[YeOldeStonecat]

Several different approachs to this....my first method would utilize 4x components.

1-A small business grade broadband router, such as the RV042
2-A web managed switch...gigabit, room to grow, the 24 port HP ProCurve 1800 model. Lifetime warranty. Or if need to save a few more bucks, one of the Linksys/Cisco SRW models. Perhaps a 12 or 18 port in the interest of budget
3-2x access points.
First access point (access point A) set with a unique SSID, and try ch 1, secured with WPA or WPA2.
Second access point (access point B) set with a different SSID, and perhaps ch 11, secured with WPA and a different security key than AP A.

Web managed switch, as well as both access points, to have the web admin password changed from default.

Uplink the router to your managed switch using port 1 on the switch.
Uplink your workstations and Access Point A (the one that is set to be your business network access point) using ports 2-9 on the switch.
Uplink your "guest" Wireless access Point B to port 10 on the switch.

Create 2x port based VLANs on the switch....VLAN 1 and VLAN 2.
VLAN 1 has ports 1 through 9 as members.
VLAN 2 has ports 1 and 10 as members....wireless clients

Your guest clients will get internet access since that AP shares port 1 which is your router, within its VLAN2. It cannot see or gain access to any of your office network computers.

The above setup can be done with rather entry level biz grade network equipment, that is not difficult for the "non network savvy" person to setup. It is rather bulletproof. The disadvantages? A little more pricey to setup (while sipping first cup of coffee, a quick adding up $ in my head..from 500-maybe 600 bucks in equipment). And...you have little - no way of throttling your "guest" wireless clients so they don't abuse/impact your internet connection.

 

[scotty]

+1. That would be a pretty solid way to set up the network. My recommendations would be pretty much the same. Good biz-grade router, switch, a couple AP's. Lots of room to grow, solid components. Not very hard to set up. StoneCat's hit er on the head.

 

[DKane]

I am going to do something simillar. I am going to do it for office, is there any advice as far as firewall? and I only need 8 port switch, tops 12. And one wireless AP. Could you point me in right direction? I tried to do research but I am a noob and admit to it, so I want to do my homework first. Also does anybody have experience with mohawk cables?

Thanks

 

[scotty]

I am going to do something simillar. I am going to do it for office, is there any advice as far as firewall? and I only need 8 port switch, tops 12. And one wireless AP. Could you point me in right direction? I tried to do research but I am a noob and admit to it, so I want to do my homework first. Also does anybody have experience with mohawk cables?

Thanks

Pretty much the same recommendations as above. A router like a Linksys RV042 is a pretty popular small biz-grade router. Other considerations are a Sonicwall TZ180 or Watchguard X10e. They range between $300 and roughly $700 depending on some of the options you can get with them (3 year warranties, UTM subscriptions, etc). Like above, I usually recommend getting a standalone switch as opposed to keeping everybody tethered into the router. You can buy 8 and 16 port routers of various brands for pretty cheap, but for a business I typically lean towards a slightly beefier switch like an HP procurve.

Nothing necessarily stopping you from buying a $39 router and a $39 switch, but in business environments I usually recommend getting stuff that's slightly beefier. Part of it's experience, part biased preference. But the small-biz grade stuff tends to be built a little better, with better hardware, better warranties, better support, and overall a little more stable. Considering how important internet and network connectivity is for even the smallest businesses these days, I personally think it's well worth spending a couple hundred extra dollars, which really isn't much in the grand scheme. I can't tell you how many times I've had to reboot/replace little WRT54's which serve as a backbone to networks of 5-50 people. Rarely do I ever have to reboot a sonicwall or cisco...

No experience with mohawk personally. Providing they're installed and tested properly, I've never had problems with basic cat5 cabling.

 

[YeOldeStonecat]

I am going to do something simillar. I am going to do it for office, is there any advice as far as firewall? and I only need 8 port switch, tops 12. And one wireless AP. Could you point me in right direction? I tried to do research but I am a noob and admit to it, so I want to do my homework first. Also does anybody have experience with mohawk cables?

Thanks

Linksys/Cisco RV016
And hang an access point off of it. What kind of wireless needs?

 

[DKane]

Thank YOU all very much, didn't expect that fast of a response. I will admit, I am new to this as I said. Not to working on computers but networking (more complex than wrt54 with 5 laptops)
So far I have
Router
Cisco SMB RV042 10/100Mbps

Switch
Cisco SMB SRW2008 Managed
or
ProCurve Switch 1400-8G unmanaged

Could you explain to me
Pros and Cons of unmanaged vs. managed, please?
I will need NIC also any suggestions?
Other Question is wrt54 with DD-WRT? supposibly it works and has alot of features?
As far as firewall goes (I know sounds stupid) how much more better is it vs. computer firewall (eset).
And last I read that TP-Link is good? any thoughts?

Once again Thank You very much for your help, is there any recommended material to read to stop asking these questions?

 

[DKane]

What kind of wireless needs?

Just plain 802.11G (not against N) something to hook up laptop occasionally

 

[scotty]

Thank YOU all very much, didn't expect that fast of a response. I will admit, I am new to this as I said. Not to working on computers but networking (more complex than wrt54 with 5 laptops)
So far I have
Router
Cisco SMB RV042 10/100Mbps

Switch
Cisco SMB SRW2008 Managed
or
ProCurve Switch 1400-8G unmanaged

Pros and Cons of unmanaged vs. managed
I will need NIC also any suggestions?
Other Question is wrt54 with DD-WRT? supposibly it works and has alot of features?
As far as firewall goes (I know sounds stupid) how much more better is it vs. computer firewall (eset).
And last I read that TP-Link is good? any thoughts?

Once again Thank You very much for your help, is there any recommended material to read to stop asking these questions?

Managed switches tend to support more protocols (QOS, VLANing, etc) over unmanaged switches, as well as offering various management features. These may or may not come into play depending on if you need them. Keep in mind the RV042 supports many of these protocols in its switches, like QoS, port based VLAN'ing, etc. So you dont necessarily need a managed switch if you want to do a little vlanning or QoS.

DDWRT (and Tomato) are fairly popular, and yes they open a WRT to do a lot more. Personally, I haven't used it much and have only tinkered with it a little. DDWRT is pretty popular, but I probably wouldn't ever install it in a business environment (see below). Computer-based firewalls also have their following. I personally use pfsense at home (likely the most popular of the firewall distributions) and I've been really impressed by it. It offers a really impressive suite of features and it's been rock solid. It's a pretty competitive product. Some swear by it, some will only use brand-name hardware firewalls (cisco, sonicwall, linksys, etc).

Personally, I've been in IT for many years and after a few late nights and lessons learned, I tend to err on the side of playing it safe and over engineering solutions. As such, I dont really like doing things like DDWRT in a business setting. I'd much rather just put in a RV042 or Sonicwall/Watchguard/Cisco and sleep a little easier. That's just my personal preference which not all share.

 

[YeOldeStonecat]

Could you explain to me
Pros and Cons of unmanaged vs. managed, please?
I will need NIC also any suggestions?
Other Question is wrt54 with DD-WRT? supposibly it works and has alot of features?
As far as firewall goes (I know sounds stupid) how much more better is it vs. computer firewall (eset).

Scotty covered lots of the "managed vs unmanaged" points....basically, if all you ever see yourself having is a single basic network...and if you wish to keep your budget down, stick with an unmanaged switch. Some common uses in smaller biz networks for managed switches is to separate the network via VLANs...so that computers in one VLAN cannot see computers in other VLANs. Having open wireless networks is a common use for this, or..say...school networks..so that the common student PCs cannot get to the office computers.

DD-WRT and Tomato add some neat features to routers...such as basic VLAN needs, some better QoS features, increased stability, slightly snappier performance. But for business networks...as the primary router, I don't use them there. I have used the firmware to utilize the routers as pure access points..it does a good job there...much more stable. It doesn't really add much for "better firewall" jobs...NAT is NAT, SPI is SPI. Using 3rd party firmware on a unit as your primary router really doesn't add security versus stock firmware. Same as Scotty mentioned...for a small business network, over the years I've learned to stick with full biz grade hardware as the primary router. "Set it and forget it". Using home grade equipment here ends up with frequent phone calls.."My internet is down". "OK...reboot your router". I get tired of those.

Software firewalls/Internet Security Suites....are different, they protect each PC...and what they do, that a router does not...is filter "outbound" stuff on the computer. Say your computer picks up a trojan...and that trojan goes to "phone home"...and begin a communication channel to the hacker...a NAT router will not stop that, but a software firewall has the ability to..if the end user pays attention. Usually the end user does not though, most end users see the firewall prompt for "svchost is attempting to..."...and frustratingly just clicks "Allow". I don't use software firewalls..for the sole purpose of they end up being too naggy, too many phone calls, not worth the trouble. That's just my opinion and my preference though. I try to keep the PCs patched up, cleaned and use good antivirus/antithreat software on them to keep the trojans off in the first place.

Per your PM...if you want gigabit LAN...yeah the RV016 won't be for you, stick with a smaller router like the RV042..and get a gigabit switch to uplink to. No sense in paying extra for the RV016 if you won't use extra the 10/100 ports on it for your LAN.

 

[DKane]

Thanks, I was just curious about the DD-WRT. Is it OK if I post a setup?

Router is RV042
Switch Cisco SMB RV042
NIC Intel PWLA8391GT 10/ 100/ 1000Mbps PCI PRO/1000 GT
Firewall I am still hessitant about which to chose (I know I need one)

I can definetly relate with the phone calls etc. different are same concept, get better for few more bucks, saves you couple grey hair.

If anybody has a Firewall suggestion, please post it.

And super dumb question: Verifying cable is sufficient or the same as cerifing?
I have fluke microscanner2

Thank YOU VERY MUCH

 

[YeOldeStonecat]

Are you running the cables yourself? Through walls/ceiling/wallplate jacks? Or just doing patch cables? Terminating the cables yourself?

 

[DKane]

I will be assisting to run cables (havent done it b4) and then setup myself

 

[YeOldeStonecat]

So there's someone there who is experienced in doing them?

To be blunt..whenever I walk into a "new network"...to help setup or take over as their consultant or <whatever>...and I see home-made cables...I want to stop and walk out..and come back when they've been re-done by a pro. Looking back in time...I can't begin to count the hours spent troubleshooting some network issue...that ended up being a bum cable job.

As long as you're assisting someone who has the experience.....and can double check things, lay it out right, and terminate it correctly.

Make things easier and more reliable for you...if you're doing wallplates 'n a patch panel...get Panduit NetKey products.

 

[DKane]

It will be brand new network, I will have somebody check it out (a real pro), just cant stand being blamed for slow wireless (runing soft from main pc) via wireless so pathetic so finally I got them to agree to put cable in.

Thank you so much for helping me.
btw, Admitting is the first step (I am not wired network experienced)
And I agree, rather get the job done right than pretend its ok

 

[scotty]

I agree with Stonecat completely. I think we share some common experiences when it comes it IT support. Making your own cables is one thing, but when it comes to wiring a new office I leave it to the pros. They test and certify the cables properly, not to mention they're way better and way faster at it. Given the cost of my time, I would probably end up charging more for doing a crappier job.

I usually insist on Leviton.

 

[YeOldeStonecat]

just cant stand being blamed for slow wireless (runing soft from main pc) via wireless so pathetic so finally I got them to agree to put cable in.

Always a good decision to run wire when you can. When the guy is already there running cable...putting a few more in is cost effective. Forecast future growth of the office also...it doesn't cost much more to have him put a pair of runs over to each desk area..so you'll have 2x network jacks there.

Some applications are finicky when trying to run them over wireless...so the $$$ cost of running wired now...versus the cost of frustration over the long haul in dealing with software hiccups 'n glitches because it doesn't like wireless. ("Darn...Quickbooks freaked out on Jane again..she just lost 4 hours of entering invoices!")

Also think about the office layout...perhaps a drop here 'n there for a network printer or two. What about a spot for a real server down the road? If so...a location with a good enough electrical outlet.

 

[DKane]

Always a good decision to run wire when you can. When the guy is already there running cable...putting a few more in is cost effective. Forecast future growth of the office also...it doesn't cost much more to have him put a pair of runs over to each desk area..so you'll have 2x network jacks there.

Some applications are finicky when trying to run them over wireless...so the $$$ cost of running wired now...versus the cost of frustration over the long haul in dealing with software hiccups 'n glitches because it doesn't like wireless. ("Darn...Quickbooks freaked out on Jane again..she just lost 4 hours of entering invoices!")

Also think about the office layout...perhaps a drop here 'n there for a network printer or two. What about a spot for a real server down the road? If so...a location with a good enough electrical outlet.

So glad I am not alone with the wireless frustration, even the software company told the guy the same thing I did, wireless is not supported by our software. He wouldn`t even let me put new router in, he is using modem/router/swith with tiny rubber duck so called antenna noname brand (the ATT junk)

Could anybody chat with me have few more questions... would really appreciate it

pmpdaid86@hotmail.com

Thanks

 

[YeOldeStonecat]

Glad to help off the boards....but it's good to keep the questions flowing here. Don't worry about how basic the questions may seem...there are tons of other lurkers on the board who may have the same questions and can benefit. Plus you get more feedback in answers from different techs here. There can be several approaches and solutions resulting from the input from several techs....many of which are good. Finding the ones that work best for you, out of a pool of suggestions, is better.

 

[DKane]

Ok, thanks I just didn`t want to annoy people. I guess the best for me would to work with/for somebody who does networks so I can learn it and then do it my own. I found a book about networking (just for theory) I watched youtube videos(hints and tricks) on pullng cable etc. The book is called Cabling: The Complete Guide to Network Wiring, 3rd Edition.

Does any of you hav a preffered Network card for workstations?